Hello,
can you make a pull request on githup project with the patch that you
consider it fixes the issue?
-
There is easier to review as well as have automatic builds to be sure no
compile issue pops up. Also, the issue is not forgotten, given the
holidays season is around.
Thanks,
Daniel
On 11/07/16 11:35, Michael Furmur wrote:
There is a bug in ipops module related to matching
subnet with mask /0
modules/ipops/ipops_mod.c:
533 static int w_ip_is_in_subnet(struct sip_msg*
_msg, char* _s1,
char* _s2)
...
538 int netmask = 0;
...
589 if (netmask == 0)
590 {
591 if (_compare_ips(string1.s, string1.len, ip1_type,
string2.s,
string2.len, ip2_type))
the code above has collision for cases when mask is not specified or
specified as zero.
for example: checking if 127.0.0.1 in 0.0.0.0/0 will give negative
result because of exact ip matching instead of subnet matching
and this is definitely not expected behavior if we speak about CIDR.
the simplest fix is to init 'netmask' variable with -1 and check against
-1 on branching:
538 int netmask = -1;
589 if (netmask == -1)
please, check and fix